lmkatraders.blogg.se

Application process monitoring






We get a lot of questions here at the Splunk Microsoft Practice – not just on our apps (which are awesome starting points for common Microsoft workloads), but also how to do specific things in Windows. One of the things I recently got asked was “how do I get a top-10 type report of processes on a system and who is running them?” This should be fairly straight-forward. After all, Microsoft provides a perfmon object called “Process” – maybe I can just monitor that. Unfortunately, the owner is not available.

Once I’ve exhausted the built-in methods of getting information, I turn to my favorite tool – PowerShell. There are two methods of getting the list of processes on a system. Get-Process is the de-facto standard for getting a process list from PowerShell, but I prefer the WMI approach – Get-WmiObject -class win32_process. The reason for the choice is that the objects that you get back have a bunch of useful methods on them, one of which is GetOwner() that retrieves the owner of the process – just what we are looking for. You can always get the list of things you can do by piping the command to Get-Member. For example:

Get-WmiObject -class win32_process | Get-Member

In order to get the owner information into the objects, we have to do a little work.
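
One way to do that work with the Win32_Process objects and GetOwner() mentioned in the text, as an added example that is not code from the original post. The function name Get-ProcessOwnerReport, the output property names and the choice to rank the top 10 by working-set memory are assumptions made for illustration.

```powershell
# Added example: top-N process report with owner, built on Get-WmiObject and GetOwner().
# Assumption: "top 10" is ranked by working-set memory; the page does not name a metric.
# Get-WmiObject ships with Windows PowerShell; it is not available in PowerShell 7+.

function Get-ProcessOwnerReport {
    param(
        [int]$Top = 10
    )

    Get-WmiObject -Class Win32_Process | ForEach-Object {
        $proc  = $_
        $owner = '(unavailable)'

        try {
            # GetOwner() returns an object with Domain, User and ReturnValue.
            # ReturnValue 0 means success; anything else (for example when the
            # caller lacks rights to query another account's process) leaves
            # the placeholder in place instead of emitting an empty owner.
            $result = $proc.GetOwner()
            if ($result.ReturnValue -eq 0) {
                $owner = '{0}\{1}' -f $result.Domain, $result.User
            }
        }
        catch {
            # The process can exit between enumeration and the method call.
            $owner = '(exited)'
        }

        # Emit a flat object so the report can be sorted, exported or forwarded.
        [pscustomobject]@{
            Name         = $proc.Name
            ProcessId    = $proc.ProcessId
            Owner        = $owner
            WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
        }
    } |
        Sort-Object -Property WorkingSetMB -Descending |
        Select-Object -First $Top
}

Get-ProcessOwnerReport -Top 10 | Format-Table -AutoSize
```

Run from a non-elevated session, processes owned by other accounts typically show "(unavailable)", so a complete report needs an elevated prompt.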







